Bug#429339: Needs to use libphp-phpmailer

[Moritz Muehlenhoff]

Package: moodle
Severity: serious

Your package includes a copy of PHPMailer, which also is packaged as
libphp-phpmailer in the archive. You need to fix your package
to use the system-wide library. Otherwise it requires too much overhead
whenever a vulnerability in PHPMailer is found. (like right now CVE-2007-3215)

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#429339: Needs to use libphp-phpmailer

[Isaac Clerencia]

On Sunday, 17 June 2007, Moritz Muehlenhoff wrote:
 Package: moodle
 Severity: serious

 Your package includes a copy of PHPMailer, which also is packaged as
 libphp-phpmailer in the archive. You need to fix your package
 to use the system-wide library. Otherwise it requires too much overhead
 whenever a vulnerability in PHPMailer is found. (like right now
 CVE-2007-3215)

Moodle's integration of phpmailer requires some modifications to phpmailer, so 
I can't just use Debian's phpmailer.

The current vulnerability doesn't even affect Moodle. I could have said it 
before so I know that since last Wednesday. Sorry for that.

Best regards
-- 
Isaac Clerencia at Warp Networks, http://www.warp.es
Blog: http://people.warp.es/~isaac/blog/
Work: [EMAIL PROTECTED]   | Debian: [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part.